COMMAND
in.talkd(8)
SYSTEMS AFFECTED
Any systems with a world writable utmp file.
PROBLEM
in.talkd can be used to destroy any file. This is how to do it:
1) change /etc/utmp. Create an entry that have your favorite file
to destroy instead of a tty-line.
2) talk to the user with the patched entry in utmp.
3) The file is truncated. This is yet another example of the
evil of having utmp writable for everybody.
SOLUTION
Make utmp not world writable, this most probably will brake
something else, but it is "The Right Thing".